7 vulnerabilities found for OpenEnterprise SCADA Server by Emerson
VAR-202005-1060
Vulnerability from variot - Updated: 2024-02-13 22:41
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. OpenEnterprise is SCADA software provided by Emerson. The following multiple vulnerabilities exist in OpenEnterprise:
* Inappropriate ownership management (CWE-282) - CVE-2020-10632
* Insufficient cryptographic strength (CWE-326) - CVE-2020-10636
* Lack of authentication for important features (CWE-306) - CVE-2020-10640
The expected impact depends on each vulnerability, but may include the following:
* Because of inadequate access permission settings on folders in the system, a local third party may tamper with important configuration files, resulting in system failure or unexpected behavior - CVE-2020-10632
* A local third party may obtain the passwords of OpenEnterprise user accounts - CVE-2020-10636
* A remote third party may execute arbitrary commands with system privileges, or execute arbitrary code via a specific communication path - CVE-2020-10640
Emerson Electric OpenEnterprise is a data acquisition and monitoring (SCADA) system from Emerson Electric, mainly used for remote oil and gas applications.
There is a security vulnerability in Emerson Electric OpenEnterprise 3.3.4 and earlier versions. The vulnerability results from the program setting unsafe permissions on folders. Attackers can use this vulnerability to modify important configuration files, causing system failures or anomalies.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-1060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric openenterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "\u003c=3.3.4"
},
{
"model": "openenterprise scada server",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "3.3.4"
},
{
"model": "openenterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "3.3.4 \u306e\u5168\u3066"
}
],
"sources": [
{
"db": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c"
},
{
"db": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
},
{
"db": "CNVD",
"id": "CNVD-2020-32663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10632"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emerson:openenterprise_scada_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10632"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roman Lozko of Kaspersky",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-953"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10632",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-32663",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "21189bd7-874f-4161-b42a-d22194346b1c",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10632",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004589",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004589",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 10,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004589",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10632",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-10632",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-004589",
"trust": 0.8,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-004589",
"trust": 0.8,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-004589",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-32663",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-953",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-10632",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c"
},
{
"db": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
},
{
"db": "CNVD",
"id": "CNVD-2020-32663"
},
{
"db": "VULMON",
"id": "CVE-2020-10632"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-953"
},
{
"db": "NVD",
"id": "CVE-2020-10632"
},
{
"db": "NVD",
"id": "CVE-2020-10632"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. OpenEnterprise Is Emerson Provided by SCADA It is software. OpenEnterprise The following multiple vulnerabilities exist in. * Inappropriate ownership management (CWE-282) - CVE-2020-10632 * Insufficient cryptographic strength (CWE-326) - CVE-2020-10636 * Lack of authentication for important features (CWE-306) - CVE-2020-10640The expected impact depends on each vulnerability, but it may be affected as follows. * Inadequate access permission settings for folders in the system, important configuration files being tampered with by a local third party, resulting in system failure or unexpected behavior - CVE-2020-10632 * By a local third party OpenEnterprise Get the password for your user account - CVE-2020-10636 * Arbitrary commands can be executed with system privileges or arbitrary code can be executed via a specific communication path by a remote third party. - CVE-2020-10640. Emerson Electric OpenEnterprise is a set of data acquisition and monitoring system (SCADA) mainly used for remote oil and gas applications by Emerson Electric. \n\r\n\r\nThere is a security vulnerability in Emerson Electric OpenEnterprise 3.3.4 and earlier versions. The vulnerability results from the program setting unsafe permissions for folders. Attackers can use this vulnerability to modify important configuration files, causing system failures or anomalies. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10632"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNVD",
"id": "CNVD-2020-32663"
},
{
"db": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c"
},
{
"db": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
},
{
"db": "VULMON",
"id": "CVE-2020-10632"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10632",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-140-02",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2020-32663",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-953",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU92838573",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46744",
"trust": 0.6
},
{
"db": "IVD",
"id": "21189BD7-874F-4161-B42A-D22194346B1C",
"trust": 0.2
},
{
"db": "IVD",
"id": "83ABC14E-EB03-44CF-90B6-CEA015740C6C",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2020-10632",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c"
},
{
"db": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
},
{
"db": "CNVD",
"id": "CNVD-2020-32663"
},
{
"db": "VULMON",
"id": "CVE-2020-10632"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-953"
},
{
"db": "NVD",
"id": "CVE-2020-10632"
}
]
},
"id": "VAR-202005-1060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c"
},
{
"db": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
},
{
"db": "CNVD",
"id": "CNVD-2020-32663"
}
],
"trust": 1.8000000166666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c"
},
{
"db": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
},
{
"db": "CNVD",
"id": "CNVD-2020-32663"
}
]
},
"last_update_date": "2024-02-13T22:41:56.862000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Emerson SupportNet",
"trust": 0.8,
"url": "https://www3.emersonprocess.com/remote/support/v3/main.html"
},
{
"title": "Patch for Emerson OpenEnterprise Rights Management Improper Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/221349"
},
{
"title": "Emerson Electric OpenEnterprise Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119025"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-953"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10632"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-140-02"
},
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10640"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10632"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10636"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92838573"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-10632/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46744"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32663"
},
{
"db": "VULMON",
"id": "CVE-2020-10632"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-953"
},
{
"db": "NVD",
"id": "CVE-2020-10632"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c"
},
{
"db": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
},
{
"db": "CNVD",
"id": "CNVD-2020-32663"
},
{
"db": "VULMON",
"id": "CVE-2020-10632"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-953"
},
{
"db": "NVD",
"id": "CVE-2020-10632"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-19T00:00:00",
"db": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c"
},
{
"date": "2020-05-19T00:00:00",
"db": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
},
{
"date": "2020-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32663"
},
{
"date": "2022-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10632"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"date": "2020-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-953"
},
{
"date": "2022-02-24T19:15:08.543000",
"db": "NVD",
"id": "CVE-2020-10632"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32663"
},
{
"date": "2022-03-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10632"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-953"
},
{
"date": "2022-03-07T19:58:14.080000",
"db": "NVD",
"id": "CVE-2020-10632"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-953"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson Made OpenEnterprise Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "21189bd7-874f-4161-b42a-d22194346b1c"
},
{
"db": "IVD",
"id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-953"
}
],
"trust": 1.0
}
}
VAR-202008-1256
Vulnerability from variot - Updated: 2023-12-18 12:55
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. OpenEnterprise is SCADA software provided by Emerson.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-1256",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openenterprise scada server",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "3.3.5"
},
{
"model": "openenterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "3.3.6 \u306e\u3059\u3079\u3066"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007820"
},
{
"db": "NVD",
"id": "CVE-2020-16235"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emerson:openenterprise_scada_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16235"
}
]
},
"cve": "CVE-2020-16235",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.8,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-007820",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-16235",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-16235",
"trust": 1.0,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2020-007820",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1217",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007820"
},
{
"db": "NVD",
"id": "CVE-2020-16235"
},
{
"db": "NVD",
"id": "CVE-2020-16235"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1217"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. OpenEnterprise Is Emerson Provided by SCADA It is software",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007820"
},
{
"db": "VULMON",
"id": "CVE-2020-16235"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-238-02",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-16235",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU96730728",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007820",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.2916",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1217",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-16235",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-16235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007820"
},
{
"db": "NVD",
"id": "CVE-2020-16235"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1217"
}
]
},
"id": "VAR-202008-1256",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.700000025
},
"last_update_date": "2023-12-18T12:55:54.355000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Emerson SupportNet (\u8981\u30ed\u30b0\u30a4\u30f3)",
"trust": 0.8,
"url": "https://www3.emersonprocess.com/remote/support/v3/main.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007820"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007820"
},
{
"db": "NVD",
"id": "CVE-2020-16235"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-238-02"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16235"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96730728/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2916/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-16235/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-16235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007820"
},
{
"db": "NVD",
"id": "CVE-2020-16235"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1217"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-16235"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007820"
},
{
"db": "NVD",
"id": "CVE-2020-16235"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1217"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16235"
},
{
"date": "2020-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007820"
},
{
"date": "2022-05-19T18:15:08.550000",
"db": "NVD",
"id": "CVE-2020-16235"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1217"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16235"
},
{
"date": "2020-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007820"
},
{
"date": "2022-05-31T13:45:10.500000",
"db": "NVD",
"id": "CVE-2020-16235"
},
{
"date": "2022-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1217"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1217"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson Made OpenEnterprise Insufficient cryptographic strength vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007820"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1217"
}
],
"trust": 0.6
}
}
VAR-202005-1059
Vulnerability from variot - Updated: 2023-12-18 12:27
Inadequate encryption may allow the passwords for user accounts in Emerson OpenEnterprise versions through 3.3.4 to be obtained. OpenEnterprise is SCADA software provided by Emerson. The following vulnerabilities exist in OpenEnterprise: * Inappropriate ownership management (CWE-282) - CVE-2020-10632 * Insufficient cryptographic strength (CWE-326) - CVE-2020-10636 * Lack of authentication for important features (CWE-306) - CVE-2020-10640. The expected impact depends on the vulnerability: * Because access permissions on folders in the system are inadequate, a local third party may tamper with important configuration files, resulting in system failure or unexpected behavior - CVE-2020-10632 * A local third party may obtain the passwords of OpenEnterprise user accounts - CVE-2020-10636 * A remote third party may execute arbitrary commands with system privileges, or execute arbitrary code via a specific communication path - CVE-2020-10640. Emerson Electric OpenEnterprise is a supervisory control and data acquisition (SCADA) system from Emerson Electric, mainly used for remote oil and gas applications. Note that the sources recorded for this entry disagree on reachability: the NVD CVSS 3.1 vector rates the attack vector as network (base score 7.5), while the ics-cert@hq.dhs.gov vector (base score 6.5) and the impact text above assume a local attacker with low privileges. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-1059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric openenterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "\u003c=3.3.4"
},
{
"model": "openenterprise scada server",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "3.3.4"
},
{
"model": "openenterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "3.3.4 \u306e\u5168\u3066"
}
],
"sources": [
{
"db": "IVD",
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
},
{
"db": "IVD",
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
},
{
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10636"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emerson:openenterprise_scada_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10636"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roman Lozko of Kaspersky",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10636",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-32662",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004589",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004589",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 10,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004589",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10636",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-10636",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2020-004589",
"trust": 0.8,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-004589",
"trust": 0.8,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-004589",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-32662",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-948",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
},
{
"db": "IVD",
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
},
{
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10636"
},
{
"db": "NVD",
"id": "CVE-2020-10636"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. OpenEnterprise Is Emerson Provided by SCADA It is software. OpenEnterprise The following multiple vulnerabilities exist in. * Inappropriate ownership management (CWE-282) - CVE-2020-10632 * Insufficient cryptographic strength (CWE-326) - CVE-2020-10636 * Lack of authentication for important features (CWE-306) - CVE-2020-10640The expected impact depends on each vulnerability, but it may be affected as follows. * Inadequate access permission settings for folders in the system, important configuration files being tampered with by a local third party, resulting in system failure or unexpected behavior - CVE-2020-10632 * By a local third party OpenEnterprise Get the password for your user account - CVE-2020-10636 * Arbitrary commands can be executed with system privileges or arbitrary code can be executed via a specific communication path by a remote third party. - CVE-2020-10640. Emerson Electric OpenEnterprise is a set of data acquisition and monitoring system (SCADA) mainly used for remote oil and gas applications by Emerson Electric. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10636"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"db": "IVD",
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
},
{
"db": "IVD",
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10636",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-140-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-32662",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-948",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU92838573",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46742",
"trust": 0.6
},
{
"db": "IVD",
"id": "58031B0E-70FE-4E95-A4CC-8DDB87AAEFA9",
"trust": 0.2
},
{
"db": "IVD",
"id": "F46ECF09-7F03-43D5-ADE5-B649BE1B7EDE",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
},
{
"db": "IVD",
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
},
{
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10636"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
]
},
"id": "VAR-202005-1059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
},
{
"db": "IVD",
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
},
{
"db": "CNVD",
"id": "CNVD-2020-32662"
}
],
"trust": 1.8000000166666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
},
{
"db": "IVD",
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
},
{
"db": "CNVD",
"id": "CNVD-2020-32662"
}
]
},
"last_update_date": "2023-12-18T12:27:28.814000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Emerson SupportNet",
"trust": 0.8,
"url": "https://www3.emersonprocess.com/remote/support/v3/main.html"
},
{
"title": "Patch for Emerson Electric OpenEnterprise encryption problem vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/221347"
},
{
"title": "Emerson Electric OpenEnterprise Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10636"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-140-02"
},
{
"trust": 1.6,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10640"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10632"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10636"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92838573"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46742"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-10636/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10636"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
},
{
"db": "IVD",
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
},
{
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10636"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-19T00:00:00",
"db": "IVD",
"id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
},
{
"date": "2020-05-19T00:00:00",
"db": "IVD",
"id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
},
{
"date": "2020-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"date": "2022-02-24T19:15:08.653000",
"db": "NVD",
"id": "CVE-2020-10636"
},
{
"date": "2020-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"date": "2022-03-07T20:04:32.380000",
"db": "NVD",
"id": "CVE-2020-10636"
},
{
"date": "2022-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson Electric OpenEnterprise encryption problem vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32662"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-948"
}
],
"trust": 0.6
}
}
VAR-202005-1061
Vulnerability from variot - Updated: 2023-12-18 12:27
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service. OpenEnterprise is SCADA software provided by Emerson. The following vulnerabilities exist in OpenEnterprise: * Inappropriate ownership management (CWE-282) - CVE-2020-10632 * Insufficient cryptographic strength (CWE-326) - CVE-2020-10636 * Lack of authentication for important features (CWE-306) - CVE-2020-10640. The expected impact depends on the vulnerability: * Because access permissions on folders in the system are inadequate, a local third party may tamper with important configuration files, resulting in system failure or unexpected behavior - CVE-2020-10632 * A local third party may obtain the passwords of OpenEnterprise user accounts - CVE-2020-10636 * A remote third party may execute arbitrary commands with system privileges, or execute arbitrary code via a specific communication path - CVE-2020-10640. Emerson Electric OpenEnterprise is a supervisory control and data acquisition (SCADA) system from Emerson Electric, mainly used for remote oil and gas applications.
Emerson Electric OpenEnterprise 3.3.4 and previous versions have security vulnerabilities. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-1061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric openenterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "\u003c=3.3.4"
},
{
"model": "openenterprise scada server",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "3.3.4"
},
{
"model": "openenterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "3.3.4 \u306e\u5168\u3066"
}
],
"sources": [
{
"db": "IVD",
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
},
{
"db": "IVD",
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
},
{
"db": "CNVD",
"id": "CNVD-2020-32664"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10640"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emerson:openenterprise_scada_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10640"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roman Lozko of Kaspersky",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10640",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-32664",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004589",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004589",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 10,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004589",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10640",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-10640",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-004589",
"trust": 0.8,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-004589",
"trust": 0.8,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-004589",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-32664",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-959",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
},
{
"db": "IVD",
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
},
{
"db": "CNVD",
"id": "CNVD-2020-32664"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10640"
},
{
"db": "NVD",
"id": "CVE-2020-10640"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. OpenEnterprise Is Emerson Provided by SCADA It is software. OpenEnterprise The following multiple vulnerabilities exist in. * Inappropriate ownership management (CWE-282) - CVE-2020-10632 * Insufficient cryptographic strength (CWE-326) - CVE-2020-10636 * Lack of authentication for important features (CWE-306) - CVE-2020-10640The expected impact depends on each vulnerability, but it may be affected as follows. * Inadequate access permission settings for folders in the system, important configuration files being tampered with by a local third party, resulting in system failure or unexpected behavior - CVE-2020-10632 * By a local third party OpenEnterprise Get the password for your user account - CVE-2020-10636 * Arbitrary commands can be executed with system privileges or arbitrary code can be executed via a specific communication path by a remote third party. - CVE-2020-10640. Emerson Electric OpenEnterprise is a set of data acquisition and monitoring system (SCADA) mainly used for remote oil and gas applications by Emerson Electric. \n\r\n\r\nEmerson Electric OpenEnterprise 3.3.4 and previous versions have security vulnerabilities. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10640"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNVD",
"id": "CNVD-2020-32664"
},
{
"db": "IVD",
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
},
{
"db": "IVD",
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10640",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-140-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-32664",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-202005-959",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU92838573",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46743",
"trust": 0.6
},
{
"db": "IVD",
"id": "F79AD928-818E-44CD-B31C-FA78AF6F0C02",
"trust": 0.2
},
{
"db": "IVD",
"id": "86B065F4-46DE-48AB-A901-1F7FA2D71B16",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
},
{
"db": "IVD",
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
},
{
"db": "CNVD",
"id": "CNVD-2020-32664"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10640"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
]
},
"id": "VAR-202005-1061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
},
{
"db": "IVD",
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
},
{
"db": "CNVD",
"id": "CNVD-2020-32664"
}
],
"trust": 1.8000000166666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
},
{
"db": "IVD",
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
},
{
"db": "CNVD",
"id": "CNVD-2020-32664"
}
]
},
"last_update_date": "2023-12-18T12:27:28.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Emerson SupportNet",
"trust": 0.8,
"url": "https://www3.emersonprocess.com/remote/support/v3/main.html"
},
{
"title": "Patch for Emerson OpenEnterprise key function certification missing vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/221353"
},
{
"title": "Emerson Electric OpenEnterprise Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119031"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32664"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10640"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-140-02"
},
{
"trust": 1.6,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10640"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10632"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10636"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92838573"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46743"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-10640/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-32664"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10640"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
},
{
"db": "IVD",
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
},
{
"db": "CNVD",
"id": "CNVD-2020-32664"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"db": "NVD",
"id": "CVE-2020-10640"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-19T00:00:00",
"db": "IVD",
"id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
},
{
"date": "2020-05-19T00:00:00",
"db": "IVD",
"id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
},
{
"date": "2020-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32664"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"date": "2022-02-24T19:15:08.707000",
"db": "NVD",
"id": "CVE-2020-10640"
},
{
"date": "2020-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-32664"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004589"
},
{
"date": "2022-03-04T18:22:14.143000",
"db": "NVD",
"id": "CVE-2020-10640"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Emerson OpenEnterprise",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004589"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-959"
}
],
"trust": 0.6
}
}
VAR-202002-1226
Vulnerability from variot - Updated: 2023-12-18 11:58
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. Emerson OpenEnterprise SCADA Server contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Emerson Electric OpenEnterprise SCADA Server is a data acquisition and monitoring (SCADA) server product from Emerson Electric for remote oil and gas applications. The vulnerability arises because the product incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openenterprise scada server",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "3.3.3"
},
{
"model": "openenterprise scada server",
"scope": "gte",
"trust": 1.0,
"vendor": "emerson",
"version": "3.1"
},
{
"model": "openenterprise scada server",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": "2.8.3"
},
{
"model": "openenterprise scada server",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "2.83"
},
{
"model": "openenterprise scada server",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "3.1 \u304b\u3089 3.3.3"
},
{
"model": "electric openenterprise",
"scope": "gte",
"trust": 0.6,
"vendor": "emerson",
"version": "3.1,\u003c=3.3.3"
},
{
"model": "electric openenterprise scada server",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "2.83"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openenterprise scada server",
"version": "2.8.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "openenterprise scada server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
},
{
"db": "CNVD",
"id": "CNVD-2020-13044"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"db": "NVD",
"id": "CVE-2020-6970"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emerson:openenterprise_scada_server:2.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emerson:openenterprise_scada_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.3",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6970"
}
]
},
"cve": "CVE-2020-6970",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-002270",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13044",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002270",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6970",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-002270",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-13044",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-923",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
},
{
"db": "CNVD",
"id": "CNVD-2020-13044"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"db": "NVD",
"id": "CVE-2020-6970"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-923"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. Emerson OpenEnterprise SCADA Server contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Emerson Electric OpenEnterprise SCADA Server is a data acquisition and monitoring (SCADA) server product from Emerson Electric for remote oil and gas applications. The vulnerability arises because the product incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6970"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"db": "CNVD",
"id": "CNVD-2020-13044"
},
{
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6970",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-049-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-13044",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-923",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002270",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0626",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47489",
"trust": 0.6
},
{
"db": "IVD",
"id": "068866E6-31A8-4E1F-8661-0851E0AA77EF",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
},
{
"db": "CNVD",
"id": "CNVD-2020-13044"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"db": "NVD",
"id": "CVE-2020-6970"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-923"
}
]
},
"id": "VAR-202002-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
},
{
"db": "CNVD",
"id": "CNVD-2020-13044"
}
],
"trust": 1.6888889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
},
{
"db": "CNVD",
"id": "CNVD-2020-13044"
}
]
},
"last_update_date": "2023-12-18T11:58:48.209000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OpenEnterprise SCADA Systems",
"trust": 0.8,
"url": "https://www.emerson.com/en-us/catalog/emerson-openenterprise-scada-systems"
},
{
"title": "Patch for Emerson OpenEnterprise SCADA Server Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/203833"
},
{
"title": "Emerson Electric OpenEnterprise SCADA Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110747"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13044"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-923"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"db": "NVD",
"id": "CVE-2020-6970"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6970"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6970"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47489"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0626/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13044"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"db": "NVD",
"id": "CVE-2020-6970"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-923"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
},
{
"db": "CNVD",
"id": "CNVD-2020-13044"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"db": "NVD",
"id": "CVE-2020-6970"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-923"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-18T00:00:00",
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13044"
},
{
"date": "2020-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"date": "2020-02-19T21:15:11.653000",
"db": "NVD",
"id": "CVE-2020-6970"
},
{
"date": "2020-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-923"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13044"
},
{
"date": "2020-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002270"
},
{
"date": "2020-02-28T18:54:27.857000",
"db": "NVD",
"id": "CVE-2020-6970"
},
{
"date": "2020-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-923"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-923"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson OpenEnterprise SCADA Server Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
},
{
"db": "CNVD",
"id": "CNVD-2020-13044"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-923"
}
],
"trust": 0.8
}
}
CVE-2020-6970 (GCVE-0-2020-6970)
Vulnerability from cvelistv5 – Published: 2020-02-19 20:19 – Updated: 2024-08-04 09:18
- CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
| Vendor | Product | Version |
|---|---|---|
| Emerson | OpenEnterprise SCADA Server | Affected: 2.83 (if Modbus or ROC Interfaces have been installed and are in use) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenEnterprise SCADA Server",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
}
]
},
{
"product": "OpenEnterprise",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "3.1 through 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T20:19:55",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-6970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenEnterprise SCADA Server",
"version": {
"version_data": [
{
"version_value": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
}
]
}
},
{
"product_name": "OpenEnterprise",
"version": {
"version_data": [
{
"version_value": "3.1 through 3.3.3"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-6970",
"datePublished": "2020-02-19T20:19:55",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6970 (GCVE-0-2020-6970)
Vulnerability from nvd – Published: 2020-02-19 20:19 – Updated: 2024-08-04 09:18
- CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
| Vendor | Product | Version |
|---|---|---|
| Emerson | OpenEnterprise SCADA Server | Affected: 2.83 (if Modbus or ROC Interfaces have been installed and are in use) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenEnterprise SCADA Server",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
}
]
},
{
"product": "OpenEnterprise",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "3.1 through 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T20:19:55",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-6970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenEnterprise SCADA Server",
"version": {
"version_data": [
{
"version_value": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
}
]
}
},
{
"product_name": "OpenEnterprise",
"version": {
"version_data": [
{
"version_value": "3.1 through 3.3.3"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-6970",
"datePublished": "2020-02-19T20:19:55",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}